AII0120E RACROUTE REQUEST=VERIFY, ENVIR=action ended with RC=saf_rc Security system RC=X'sec_rc' Reason=X'sec_rsn'. Additional messages might be available in JOBLOG for JOB job_name (job_number) on system smf_id.
Explanation
Distributed Access Infrastructure could not authenticate the client. This condition can occur when the client is logging on to Distributed Access Infrastructure or when the client is attempting to access a resource on z/OS®.
- The client specifies a user ID that is not defined to the security system.
- The client specifies the incorrect password for the user ID.
- Mixed-case password is translated to uppercase because NoMixedCase is set for the Password parameter in the Distributed Access Infrastructure server configuration.
- The SecurityGroup parameter is specified in the Distributed Access Infrastructure server configuration, but the group is not defined to the security system.
- The SecurityGroup parameter is specified in the Distributed Access Infrastructure server configuration, but the user ID is not connected to this group.
- The SecurityAppl parameter is specified in the Distributed Access Infrastructure server configuration, and the specified application name is defined the APPL CLASS of the security system. However, the user ID does not have READ access to the APPL CLASS profile of the application.
- action
- The action is CREATE when Distributed Access Infrastructure is attempting to verify access of the client. The action is DELETE when Distributed Access Infrastructure detects an error while Distributed Access Infrastructure is cleaning up after processing.
- saf_rc
- The return code from the SAF RACROUTE VERIFY request.
- sec_rc
- The return code from the underlying security function (RACINIT).
- sec_rsn
- The reason code from the underlying security function (RACINIT).
- job_name
- The job name of the Distributed Access Infrastructure server.
- job_number
- The job number of the Distributed Access Infrastructure server.
- smf_id
- The SMF ID of the system on which the server is running.
System action
If this condition occurs while the user is attempting to log on, Distributed Access Infrastructure denies the logon request. If this condition occurs while attempting to access a z/OS resource, Distributed Access Infrastructure denies access to the resource. In all cases, an error is returned to the client.
User response
See the return and reason codes, which are documented in the security systems RACROUTE reference manual. For example, for RACF®, these codes are found in the topic "RACROUTE REQUEST=VERIFY" in z/OS Security Server RACROUTE Macro Reference (SA23-2294).